KitGuru KitGuru.net – Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards
Hackers are exploiting an unpatched bug in Flash Player, according to Adobe themselves. The firm has said that the vulnerability could cause a crash and allow a hacker to tack control of an affected system.
The CVE-2011-0611 bug is causing problems for Adobe as it is currently being exploited. A flash file (.swf) embedded in a Microsoft Word document that is delivered as an email attachment targets the Windows Platform, according to Adobe.
This critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Linux, Solaris and Macintosh. Flash Player 10.2.156.12 and earlier versions for Android. Versions 10.2.154.25 and earlier for Chrome are also affected. The authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems is also affected.
Adobe have issued a statement saying that they aren't aware of any attacks via PDF targeting Adobe Reader and Acrobat. Reader X Protected Mode mitigations would stop this kind of exploit from executing in the first place.
Adobe have said they are “in the process of finalizing a schedule for delivering updates”.
KitGuru says: Does this reinforce the point that Steve Jobs made a long time ago about the platform being open to huge security issues?
It is buggy, but to be fair it is a widely used software and the more popular something is the more it gets ‘attacked’ and weaknesses found.
My concern is that a bug of this kind is so huge and obvious that im stunned it was ever wrongly coded in the first place.